But: In step 3.3 of this tutorial you describe how to set up a user.
I did in fact set up a user but never seem to have to use it.
I am using this machine as a desktop system as well and have no users specified in /etc/passwd. Therefore I am running as root all the time. (Yeah, I know, it's bad... But I like it.)

Can anyone tell me for what reason step 3.3 exists??
It just wonders me that it seems to be without effect at all.
_________________
Greetings,
Proteus

Quote:

But: In step 3.3 of this tutorial you describe how to set up a user.
I did in fact set up a user but never seem to have to use it.
I am using this machine as a desktop system as well and have no users specified in /etc/passwd. Therefore I am running as root all the time. (Yeah, I know, it's bad... But I like it.)

Can anyone tell me for what reason step 3.3 exists??
It just wonders me that it seems to be without effect at all.

Maybe I should let beowulf answer this, but what the heck, I'm online anyway. Step 3.3 is the part that I'm having trouble with.

Step 3.3 is there because basically unless you want to use your REAL username and REAL password for the system then you need to set up an email username and email password.
I would say that this is highly recommended, especially since as you tell us
"I run as root" so I'm going to assume that you've been using your root password to log into your email account.. phew.. scary stuff.. even though it's imaps I still wouldn't trust it for everyday use... I've done it once or twice myself but only for testing purposes.
_________________
Blizzard you suck.

I know that it would be more secure not to use the root account/password but hey, this is a "network" consisting of a whopping 3 computers...
All owned and used only by myself. The router I use is a NAT router with included switch, so as far as I know nobody should be able to catch my internal traffic. Correct me if I am wrong.

But it's nice to know what step 3.3 actually does.

EDIT: I just tried to log in and check email with the user and password supplied in step 3.3. That does not work: "login failed"
_________________
Greetings,
Proteus

Last edited by Proteus on Fri Jun 06, 2003 5:29 am; edited 1 time in total

From what I understand, you're trying to auth against courier-imap again? If that's the case, step 3.3 holds no purpose for you; as explained below, it is for postfix and relaying from a LAN computer to the internet.

When logging in to Courier-IMAP, you must use your username/password that is contained within your /etc/passwd file. The benefits are two-fold. One, user management is rather easy. Secondly, once a new user has been created (a la "adduser ....") they already have an IMAP login. IMAP and SASL do not go together... They are independent of each other...

Step 3.3 is needed if you are using the SMTP services with postfix. If you are setting yourself a local SMTP server, the login that you enter is based on step 3.3. We don't use PAM, we don't use mysql... we specifically tell postfix to allow authenticated users (against sasldb) to relay email out into the internet. Hope this is a bit clearer...

Another note, although you ask for me not to say anything... allowing root to login to any daemon is a bad idea... I believe I will amend this guide so that it explicitly denies any root login... hehe

----

I will be making a few changes to the guide to better illustrate this, as after reading through it, I realize how vague I tend to write hehe... Thanks for all your help guys... we are improving this guide daily!
_________________
I have nothing witty to say here... ever

oh man ......haHAHahahAHAH.. (<- laughing at myself because I didn't understand the document even though now that I go back and read it it is quite clear.)

phew.. well, hmm.. I guess now that I understand how the system works, I can happily report that it seems to be working perfectly.

I had just got really really confusing data just moments before reading your post, and now that I read your post everything seems to make perfect sense.

Thanks tons, dude! I'm going to emerge squirrelmail and procmail and finish things off and then go read a book or something.. this has really been driving me to near insanity.

[EDIT]
squirrelmail works just fine. I make sure that I log in using https ..and since it is on my local box I don't have to worry about it sending data to imap over a network so it doesn't really need any special authentication.

[EDIT]
If anyone is interested in squirrelmail or has some other php site that they are running then I strongly suggest this little beauty -> The PHP Accelerator
_________________
Blizzard you suck.

Last edited by ghetto on Fri Jun 06, 2003 6:52 am; edited 2 times in total

No, I was laughing at myself for not understanding the document. I've edited my last comment so it seems less confusing.

I have no wisdom to share, except that since this is a one box server I don't seem to need fetchmail at all; the mail comes in and somehow it is magically appearing in my .maildir. Perhaps it is the work of postfix.

I am going to try one more thing then I'm going to go read that book (it's amazing how much fun things can suddenly become when they start to work for me and not against me.)

Now I just have to set up some wicked spam filters, and then adjust iptables, and then do my evil laughter thing.

But I think that your knowledge was indeed worth sharing.
I also thought (and basically I am still thinking it) that despite the fact that this is a "one box server" one needs fetchmail to retrieve mail.

AFAIK, postfix just delivers mail and cannot retrieve it. But then again it works that way for you...

I will try to search and find out what the postfix and fetchmail programs do in effect.
If someone already has that knowledge... please share
_________________
Greetings,
Proteus

Added a squirrelmail section. Tested sending and receiving... both work nicely.

Postfix is your MTA. In this guide, I simply use it as a relay to an SMTP server that has the rest of the necessary services (DNS MX records). Fetchmail fetches email from a remote POP/IMAP server and hands it off to procmail.

I don't understand how mail magically lands in your maildir though hehe but hey... it works, that's all that matters!
_________________
I have nothing witty to say here... ever

Quote:

But I think that your knowledge was indeed worth sharing.
I also thought (and basically I am still thinking it) that despite the fact that this is a "one box server" one needs fetchmail to retrieve mail.

Well, what would you like to know? I thought you have this working?

As far as fetchmail, well I agree, I thought I needed fetchmail too, however since I uninstalled fetchmail a couple minutes ago and I am still able to send and receive email I am beginning to believe that I don't really need it.

I'll turn on the packet sniffer tomorrow and send a few emails, maybe I can figure this out.

[EDIT]
Cleaned up some spelling and grammar mistakes..
_________________
Blizzard you suck.

Last edited by ghetto on Fri Jun 06, 2003 9:00 am; edited 1 time in total

Before starting with implementing it I have a small question: Is it correct to fill in CN=localhost and emailAddress=root@localhost?
Why don't I have to set it to my FQDN or something like that?
I don't know what those letters are used for, and what they mean. C=country, ST=state, L = city but what do the others mean? (Well.... emailAddress I know.... )

Actually the case is that I was too confused to see that the guide works as expected.

The problems auth'ing as the mailuser were selfmade because I tried to auth to the IMAP server with it. Of course that does not work.
It works (as it should) when I try to use the mailuser to auth on the postfix server.

So at least that problem is solved for me - I hope I have not caused too much confusion, it was all my fault...

After I read all this it seems that this guide works but creates a lot of questions regarding how and why this system works. Maybe we need more in-depth knowledge. I took a look at the homepages of fetchmail, courier-imap and postfix but I find the information provided there too complicated.

1) I think we only need to add courier-imapd-ssl to the runlevel, courier-imapd seems unneeded because we only use the ssl'ed services.

2) There is a typo in step 5.2 of the guide:

Quote:

user@server $ chmod +x ~bin/getmyemailnow
user@server $ crontab -e

*/10 * * * * ~/bin/getmyemail >/dev/null 2>&1

There we create a file named "getmyemailnow" but in the crontab we call it getmyemail. It seems obvious that the "now" part must be added. Despite that it seems obvious it took me several hours to actually find out what went wrong...
_________________
Greetings,
Proteus
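
The mismatch reported above (the script is created as getmyemailnow, the crontab calls getmyemail) goes unnoticed because the entry sends all of cron's output to /dev/null. As an added example, not part of the guide or of the post above, a shell function that lists crontab commands which do not resolve to an executable file; the name `cron_missing_cmds` and its home-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the guide): report crontab commands that are not
# executable files. Usage: crontab -l | cron_missing_cmds "$HOME"
# The body runs in a subshell, so "set -f" does not leak into the caller.
cron_missing_cmds() (
    home_dir=$1
    set -f                      # keep "*" schedule fields from globbing
    while IFS= read -r line; do
        set -- $line            # split the entry into whitespace-separated fields
        if [ $# -eq 0 ]; then continue; fi
        case $1 in
            '#'*|[A-Za-z_]*=*) continue ;;                     # comment or VAR=value
            @*) if [ $# -lt 2 ]; then continue; fi; cmd=$2 ;;  # @reboot, @daily, ...
            *)  if [ $# -lt 6 ]; then continue; fi; cmd=$6 ;;  # five time fields first
        esac
        case $cmd in
            '~/'*) path=$home_dir/${cmd#??} ;;   # cron's shell expands ~ to HOME
            /*)    path=$cmd ;;
            *)     # bare name: accept anything the shell can find on PATH
                   if command -v "$cmd" >/dev/null 2>&1; then continue; fi
                   path=$cmd ;;
        esac
        if [ ! -f "$path" ] || [ ! -x "$path" ]; then
            printf '%s\n' "$cmd"
        fi
    done
)
```

An empty result means every entry points at something cron can execute; any line printed is a command name to compare against the files actually created.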

#content_filter = filter: <- im in the middle of applying some filtering, ignore these two rules.
#soft_bounce = yes

One interesting thing that I learned after firing up the packet sniffer is that
incoming email comes to me through port 25 which is the smtp port,
so in other words it seems that my email goes directly to Postfix all by
itself since Postfix is responsible for monitoring the smtp port.
This explains why I get the mail put into my .maildir so magically. I've
only been able to test this using hotmail and shaw email addresses, both
of them send email to me by connecting to the smtp port.

An interesting consequence of this is that I can now block any
attempts to connect to my imap2 or imaps servers from any location
except locally.

This makes me sleep better at night and it seems to work fine because
SquirrelMail is running locally on the box. So to get email I either connect
to squirrelmail or else I ssh to the box and run mutt locally.
(I love iptables)

About your suggestion #1, that's a good idea for most people except I am
running squirrelmail, and squirrelmail connects to the imap2 port NOT the
imaps port. The reason I don't mind it connecting to the imap2 port is
because since squirrelmail is running locally on my box I don't actually
send any info over the network, and secondly because I haven't figured
out how to get squirrelmail to authenticate against imaps.

However I strongly suggest only connecting to squirrelmail over https, that
way any information you send to it (if you're not on your local computer)
from the webbrowser to the localhost will be nice and safe.

If someone knows how to get SquirrelMail to authenticate on an imaps server please post it.

If I get some time to try to figure it out in the next couple days I will
post it myself, because this would eliminate the only reason I have for keeping an imap2 server running.
_________________
Blizzard you suck.

Yep, I guess you should use your FQDN, but the only people that are going to see this is you, and anyone else on your LAN. This system is not designed for a large LAN... just for your home, so it doesn't really matter what you enter there.. hehe

Proteus:

I agree, after testing it, I should remove the standard imap start up. Since, as you have said it is un-needed. Thanks for the typo, I will be fixing it after I finish this reply.

ghetto:

To authenticate using IMAPS in squirrelmail, set it according to the values in 7.4 of this guide. When I added squirrelmail, I set it up to use IMAPS. As for postfix grabbing the email... I was under the unique impression it could not replace fetchmail. It can however replace procmail, but I don't think postfix has fetching abilities.... that said, I don't understand how it's working on your end, and after looking at your conf file, still leaves me wondering. But email's coming in and that's all that really matters.

[edit: When fetchmail grabs email, it redirects it to port 25 and points it to procmail... could that be what is happening? /]
_________________
I have nothing witty to say here... ever

Thanks for posting your main.cf.
However, I have to agree with beowulf - I can't see a reason why postfix is suddenly able to fetch mail.

Maybe you can post in which config files you have entered your auth'ing info for your mail provider. We should be able to see then which programs know how to check your mail there.
_________________
Greetings,
Proteus

Ok I could be wrong here, but I don't think it's a matter of postfix suddenly being able to fetch email. I think what's happening is that the email is being delivered directly TO postfix from the internet.

Allow me to explain what I think is going on:

I have set up my internal system hostname as blah.foo.com and I have also set up a dynamic domain name server redirector service with dyndns.org so that it matches my real system hostname. Now a mail server gets an email for alex@blah.foo.com so it starts looking for a host named blah.foo.com and after being redirected by dyndns it finds my computer.

Now here is the trick.

Since postfix is running with an open smtp port, the server which is trying to send the email to my host sees that the smtp port is open and tries to send email to it. Postfix is listening and sees that the email is addressed to alex@blah.foo.com and says "thank you", takes the email, and delivers it to the appropriate mailbox.

It's kind of strange but it works, like I said fetchmail is not even installed.

@beowulf
Thanks for the tls tips for squirrelmail.. things are getting better everyday.
Now I just have to teach mutt a few tricks
_________________
Blizzard you suck.

First of all, I can't send any email when I use authentication. When setting smtpd_tls_auth_only to no, and I send my email anonymously, then it works. But when I force it to use authentication, then it keeps prompting for my password (using Digest-MD5). It won't accept the password I created in section 3.3.

Second, when I log in via a shell and start mutt, it says: ~/.maildir/ is not a mailbox.
Using KMail, it won't connect to it.

Note: I was running the mysql version of postfix before, so maybe I've accidentally left some garbage from that tutorial in one of my conf???

Thanks for going through the guide. hmmm, what does /var/log/mail.info, /var/log/mail.err, /var/log/mail.warn say when you're trying to login to the SMTP server? Bad username? Bad Password? Bad Authentication method?

When mutt says ~/.maildir/ is not a mailbox, have you set mutt to use maildir format? Did you emerge mutt with the use flag "maildir" and with the use flag "-mbox"?

Do you have mutt/kmail connecting to an IMAP server? If so, to authenticate to IMAP, you'll need to use your system password (or PAM password)... If Kmail still cannot connect, what do the logs say... is it an authentication error? Is it even being logged?

Hope to hear back from you.

[edit: Also, I've edited the guide to use the "maildirmake" command, as opposed to mkdir. Please do this as a user "rmdir ~/.maildir && maildirmake ~/.maildir" This might be the reason Mutt and Kmail cannot connect... /]
_________________
I have nothing witty to say here... ever

Another happy user here !!! Thanks
Btw is there a way to set the IMAP4 server's port?

Thanks for going through the guide. To set the IMAP server's port, you'll need to do one of two things.

If you're running the server in SSL (TLS), you'll need to edit the file "/etc/courier-imap/imapd-ssl" and change SSLPORT=993 to equal any port you like... Read the comments that are there to better understand what's going on...

If you're using the IMAP server in non-SSL (TLS), you'll need to edit /etc/courier-imap/imapd and change PORT=143 to be whatever you want. Make sure you're not running two services on the same port... such as both SSL and regular imap...

Another thing that may be required (dependent on what else you have running and such)... do this:

Code:

cat /etc/services | grep imap

...Then change it to match your new ports... I'm not sure if you need to do this, I didn't... but depending on the network setup you're using, it may be necessary... I would test to see if you can get away without doing this first...

Hope this helps
_________________
I have nothing witty to say here... ever

Sorry for my late response, I wasn't able to reply earlier!
All works fine now!

Somehow, I forgot to change the ownership and permissions of /etc/sasl2/sasldb.
I've fixed this, and now I can send my mail.
The mutt problem is also over now that I've created the .maildir with the maildirmake command!
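
The last post traces the failed SMTP authentication to the ownership and permissions of /etc/sasl2/sasldb. As an added example, not taken from the guide or from any post in this thread, a shell check for such a file; the function name `check_sasldb`, the policy it enforces (the given group can read, other users have no access) and the use of GNU `stat -c` are assumptions, and the expected owner and group are parameters because the thread does not quote the values the guide prescribes.

```shell
#!/bin/sh
# Added example (not from the guide). Requires GNU stat (stat -c).
# Usage: check_sasldb FILE OWNER GROUP   (OWNER/GROUP as name or numeric id)
check_sasldb() {
    file=$1; want_owner=$2; want_group=$3
    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 1
    fi
    # %U/%u = owner name/uid, %G/%g = group name/gid, %a = octal mode
    set -- $(stat -c '%U %u %G %g %a' "$file")
    mode=$5
    status=0
    case $want_owner in
        "$1"|"$2") ;;
        *) echo "owner is $1, expected $want_owner"; status=1 ;;
    esac
    case $want_group in
        "$3"|"$4") ;;
        *) echo "group is $3, expected $want_group"; status=1 ;;
    esac
    other=${mode#"${mode%?}"}         # last octal digit: everyone else
    rest=${mode%?}
    group=${rest#"${rest%?}"}         # second-to-last digit: group
    case $group in
        4|5|6|7) ;;
        *) echo "mode $mode: group $want_group cannot read the file"; status=1 ;;
    esac
    if [ "$other" != 0 ]; then
        echo "mode $mode: grants access to other users"; status=1
    fi
    return $status
}
```

Each problem found is printed on its own line and the function returns non-zero, so it can run after every change to the SASL user database.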